Secret material exchange and authentication cryptography operations

ABSTRACT

Aspects of associative cryptography key operations are described. In one embodiment, a first cryptographic function is applied to secret data to produce a first encrypted result. The first encrypted result is transmitted by a first device to a second device. The second device applies a second cryptographic function to the first encrypted result to produce a second encrypted result. At this point, the secret data has been encrypted by two different cryptographic functions, each of them being sufficient to secure the secret data from others. The two different cryptographic function can be inversed or removed, in any order, to reveal the secret data. Thus, the first device can apply a first inverse cryptographic function to the second encrypted result to produce a first result, and the second device can apply a second inverse cryptographic function to the first result to decrypt the secret data.

CROSS-REFERENCE TO RELATED APPLICATION(S)

This application claims priority to PCT Application No.PCT/US2019/041871, filed on Jul. 15, 2019, and titled “SECRET MATERIALEXCHANGE AND AUTHENTICATION CRYPTOGRAPHY OPERATIONS,” which is herebyincorporated by reference in its entirety for all purposes.

BACKGROUND

Cryptography is related to the study of protocols, techniques, andapproaches that prevent third parties from accessing, reading, and/orinterpreting secret data. Cryptography can be applied to variousprocesses in information security, such as data integrity andencryption, confidentiality, authentication, verification, andnon-repudiation. Thus, cryptography has several applications in variousfields, including data encryption and privacy, computer networkcommunications and transaction processing, and computing system securityand integrity.

Modern cryptography often relies upon computational hardness inmathematical theory. In other words, it might be theoretically possibleto break certain cryptographic systems, but the time required to do somakes such cryptographic-defeating processes intractable. Typically,computationally-secure cryptography processes are preferable to thosewhich are easier to defeat. At the same time, however,computationally-secure cryptography processes might be morecomputationally-intensive to implement and, thus, more time consumingand costly. In that context, although some cryptographic processes, suchas a one time pad, cannot be broken or defeated even with unlimitedcomputing power, those schemes are more difficult to implement than agood, theoretically-breakable but computationally secure approach. Assuch, modern computing devices may exchange secret data usingcryptographic processes having security problems (e.g., the processesare susceptible to brute force attack). At the same time, thosecryptographic processes may be resource intensive (e.g., the processesare computationally-intensive to implement).

BRIEF DESCRIPTION OF THE DRAWINGS

Many aspects of the present disclosure can be better understood withreference to the following drawings. The components in the drawings arenot necessarily to scale, with emphasis instead being placed uponclearly illustrating the principles of the disclosure. Moreover, in thedrawings, like reference numerals designate corresponding partsthroughout the several views.

FIG. 1 illustrates a process of secret text transfer using asymmetrickeys.

FIG. 2 illustrates a representative process of secret key transfer usingcryptography processes according to various embodiments describedherein.

FIG. 3A illustrates an example distribution function of variablesresulting from the white noise associative cryptography key operationsaccording to various embodiments described herein.

FIG. 3B illustrates example probability distribution functions ofvariables resulting from the white noise associative cryptography keyoperations according to various embodiments described herein.

FIG. 4 illustrates example user interfaces of a program to performcryptography key operations according to various embodiments describedherein.

FIG. 5 illustrates a more particular example of a secret key transferprocess according to the concepts described herein.

FIG. 6 illustrates an example of a secret key transfer process usingauthentication according to the concepts described herein.

DETAILED DESCRIPTION

As noted above, cryptography is related to the study of protocols,techniques, and approaches that prevent third parties from accessing,reading, and/or interpreting secret data. In the context ofcryptography, the Rivest-Shamir-Adleman (RSA) cryptosystem, ellipticcurve cryptography (ECC) cryptosystem, and other asymmetrical (andsymmetrical) methods of secure key exchange have security problems.Those cryptosystems are based on complexity and can, theoretically, bedecrypted.

In contrast to the RSA, ECC, and other cryptosystems, the cryptographicprocesses described herein is more immune to cryptanalysis and permitsthe sharing of secret data, such as symmetric keys and other secretdata, over public networks. The cryptographic system can also be usedfor authentication. No known methods of traditional or quantum computingcan be used to circumvent the cryptographic approaches described herein.The cryptographic system described herein was developed to achieve anumber of goals including (1) securely exchanging cryptographic keysover public networks, (2) information ciphering, authentication, and (4)encryption for public networks that is secure against standard andquantum computing.

In the context described herein, white noise can be defined as (or caninclude) a sequence of independent random variables (e.g., discretenumbers) with a uniform probability distribution. Polynomial white noisecan be defined as (or can include) a sequence of polynomial functionvalues composed by independent random variables (e.g., discrete numbers)with a uniform probability distribution.

No known algorithm can decrypt the operations described herein due, atleast in part, to the use of white noise randomization. The unknownindependent variables appear to third parties as random white noise and,thus, there is no correlation between those variables and anyinformation being transferred. As one example, the key exchange methodor process described herein can be shown as an exchange of matrices witha corresponding number of different unknown independent variables andvisible values. The number of unknown independent variables alwaysexceeds the number of visible independent values in any combination ofsubsets of matrices. Further, the number of unknown variables exceedsthe number of publically visible polynomial functions. Additionally, noinverse polynomial functions can be determined without information aboutthe secret key—even if the plain text of the secret key is known by athird party.

Turning to the drawings, FIG. 1 illustrates a process of secret texttransfer using asymmetric keys. In the example shown in FIG. 1 , Alicewishes to communicate secret text to Bob over a public network, such asthe Internet, and Eve is the eavesdropper. To communicate the secrettext, which can be a symmetric key or any other secret information,Alice and Bob use asymmetric cryptography. Asymmetric cryptographyrelies upon a key pair including a public key that can be disseminatedto third parties (e.g., Alice) and a private key which is kept private(e.g., by Bob). In an asymmetric cryptography system, any person canencrypt a message using the public key, and that encrypted message canonly be decrypted using the private key. The strength of asymmetriccryptography relies on the degree of difficulty (e.g., computationalimpracticality) for a private key to be determined from its associatedpublic key. Asymmetric cryptography also depends on keeping the privatekey private.

Referring back to FIG. 1 , Alice obtains a copy of a public key from Bob(or any other source). Alice encrypts the secret text using the publickey to produce the encrypted secret text and communicates it to Bob overthe public network. Bob then decrypts the encrypted secret text usingthe private key to obtain the secret key. Over the public network, Evecan only see the encrypted secret text. Even if Eve obtains a copy ofthe encrypted secret text and the public key used to create it, Evecannot obtain the secret text from the encrypted secret text using thepublic key. Instead, only the private key, which is securely held andprotected by Bob, can be used to decrypt the encrypted secret text toobtain the secret text from Alice.

There are drawbacks and limitations to using asymmetric cryptography.For example, it is algorithmically possible to estimate (or determine)the private key in a key pair from the publicly available public key.Additionally, asymmetric key pairs are relatively difficult and timeconsuming to create, typically depending upon the identification oflarge prime numbers. Further, asymmetric cryptography can be vulnerablein that it may produce the same predictable encrypted output when thesame secret text is encrypted.

To be distinguished from other cryptographic systems, variouscryptography processes or operations are described herein. In oneembodiment, a first cryptographic function is applied to secret data.The first cryptographic function operates as a type of cryptographic keyand encrypts or ciphers the secret data to produce a first encryptedresult. The first encrypted result can be securely transmitted by afirst device to a second device. The second device then applies a secondcryptographic function to the first encrypted result. Similar to thefirst cryptographic function, the second cryptographic function operatesas a cryptographic key and further (or doubly) encrypts or ciphers thefirst encrypted result to produce a second (or doubly) encrypted result.At this point, the secret data has been encrypted by two differentcryptographic functions, each of them being sufficient to secure thesecret data. The two different cryptographic functions can then beinversed or removed, in any order, to reveal the secret data.

Turning to the embodiments, FIG. 2 illustrates a representative process20 of secret key transfer using cryptography processes according tovarious embodiments described herein. The process described below can beperformed by any suitable computing device(s) including a processor andmemory, without limitation. In the example shown in FIG. 2 , Alice wantsto securely pass the secret key Xto Bob over a public network. To do so,Alice should first encrypt the secret key X before sending it to Bob.

To encrypt the secret key X, Alice holds a first cryptographic functionF_(A). In various embodiments, the cryptographic function F_(A) can beembodied as any suitable mathematical function having an inverse whichcannot be determined without knowledge of a certain set of parameters ofthe mathematical function. In one embodiment, the function F_(A) can beembodied as a polynomial function or multivariate polynomial functiondefined in part by one or more variables, combinations of variables,combinations of variables at various powers, and coefficients. To undoor unlock (e.g., decrypt) the effect of the cryptographic functionF_(A), Alice also holds a first inverse cryptographic function F⁻¹A.

To start, at step 202, the process 20 includes Alice generating, with afirst computing device, a first random lock X_(A). The first random lockX_(A) can be embodied as an array or vector of random scalar integers,for example, or another suitable organized structure of random numbers.In the process 20, the first random lock X_(A) can operate as a type ofinitialization vector upon which the cryptographic function F_(A) isapplied in combination with the secret key X. For example, the firstrandom lock X_(A) helps to randomize the application of thecryptographic function F_(A) creating, in effect, a new randomcryptographic function F_(A) for each different random lock X_(A). Inthat context, the first random lock X₄ helps to achieve semanticsecurity, so that repeated usage of the cryptographic function F_(A)with the same operand does not produce the same ciphered result and doesnot allow an attacker to infer any information.

At step 204, the process 20 includes Alice applying, with the firstcomputing device, the first cryptographic function F_(A) to acombination of the secret key X and the first random lock X_(A) toproduce a first encrypted result R₁. Here, Alice's secret key X, whichcan include letters, numbers, American Standard Code for InformationInterchange (ASCII) characters, etc., is ciphered with random numbers(i.e., the first random lock X_(A)) using the cryptographic operation orfunction F_(A). The cryptographic function F_(A) can be embodied as anysuitable mathematical function, such as a polynomial or multivariatepolynomial function. For example, the cryptographic function F_(A) canbe embodied as a polynomial function F(CX^(k)) of kth order written as:

$\begin{matrix}{{{F\left( {CX}^{k} \right)} = {\sum\limits_{i_{1} = 1}^{k}{\ldots{\sum\limits_{i_{2} = 1}^{k}{C\text{?}X_{i_{1}}X_{i_{2}}\ldots X_{i_{2}}}}}}},} & (1)\end{matrix}$ ?indicates text missing or illegible when filed

where C_(i . . . k) are coefficients of the polynomial functionF(CX^(k)), and X_(i . . . k) are combinations of the operand X, whichcan include a combination of a random lock and secret data.

Thus, at step 204, Alice's secret key X, which may include letters,numbers, American Standard Code for Information Interchange (ASCII)characters, etc., are ciphered with random numbers based on the firstrandom lock X_(A) and the first cryptographic function F_(A). As anexample, a distribution function of the variables in the results R₁, R₂,and R₃ is shown in FIG. 3A, and probability distribution functions ofthe variables in the results R₁, R₂, and R₃ is shown in FIG. 3B.

The structure of the polynomial function F(CX^(k)) and the coefficientscan be known to others (although they generally are not) from theformalization of the algorithm. However, even if the structure of thepolynomial function F and values of the coefficients C, k are known to athird party, the third party still cannot decrypt the transferredinformation.

At step 206, the process 20 includes Alice transmitting, with the firstcomputing device, the first encrypted result R₁ to Bob's secondcomputing device. At step 208, the process 20 includes Bob generating,with the second computing device, a second random lock X_(B). Similar tothe first random lock X_(A), the second random lock X_(B) can beembodied as an array or vector of random scalar integers, for example,or another suitable organized structure of random numbers. In theprocess 20, the second random lock X_(S) can also operate as a type ofinitialization vector for the cryptographic function F_(B). For example,the second random lock X_(B) helps to randomize the application of Bob'scryptographic function F_(B) creating, in effect, a new randomcryptographic function F_(B) for each different random lock _(XB). Inthat context, the second random lock X_(B) helps to achieve semanticsecurity, so that repeated usage of the cryptographic function F_(B)with the same operand does not produce the same ciphered result and doesnot allow an attacker to infer any information.

At step 210, the process includes Bob applying, with the secondcomputing device, Bob's cryptographic function F_(B) to a combination ofthe first encrypted result R₁ and the second random lock X_(B) toproduce a second encrypted result R₂. Here, the first encrypted resultR₁ (e.g., F_(A)(X,X_(A))) is (doubly) ciphered with random numbers(i.e., the second random lock X_(B)) using the cryptographic operationor function F_(B). The cryptographic function F_(B) can be embodied asany suitable mathematical function, such as a polynomial or multivariatepolynomial function. For example, the cryptographic function F_(B) canbe embodied as a polynomial function F(CX^(k)) of kth order according tothat shown above in Equation (1).

At this point, Alice's secret key X has been encrypted or ciphered bytwo different cryptographic functions F_(A) and F_(B), each of thembeing sufficient to secure the secret key X from others. The twodifferent cryptographic functions can then be inversed or removed, inany order, to reveal the secret key X. In other words, to decrypt thesecret key X from the second encrypted result R₂ (i.e., to undo theeffects of the cryptographic functions F_(A) and Fa) it is possible toeither apply the inverse F⁻¹ _(A) function to F_(A) or the inverse F⁻¹_(B) function to F_(B) first. Thus, according to one aspect ofassociative cryptography key operations described herein, the order inwhich the second encrypted result R₂ is applied to the inversecryptographic functions F⁻¹ _(A) and F⁻¹ _(B). does not impact theresults of the decryption of secret key X from the second encryptedresult R₂. Further, any number of cryptographic functions to F₁ . . .F_(N) can be applied to encrypt secret data in any order to produce anencrypted result R_(N), and that encrypted result R_(N) can be decryptedin any order using the inverse cryptographic functions F⁻¹ ₁ . . . F⁻¹_(N).

At step 212, the process 20 includes Bob transmitting, with the secondcomputing device, the second encrypted result R₂ to the first computingdevice. At step 214, the process 20 includes Alice applying, with thefirst computing device, the first inverse cryptographic function F⁻¹_(A) to the second encrypted result R₂ to produce the result R₃. Thefirst inverse cryptographic function F⁻¹ _(A) unlocks or removes theeffect of both the first random lock X_(A) and the first cryptographicfunction F_(A). Thus, the result R₃ is what remains of the secondencrypted result R₂ after the effect of the first random lock X_(A) andthe first cryptographic function F_(A) are undone or unlocked (e.g.,F_(B)(X,X_(B))). Thus the result R₃ is still encrypted, but only byBob's second random lock X_(B) and the second cryptographic functionF_(B), and the result R₃ can be securely transmitted over the publicnetwork.

At step 216, the process 20 includes Alice transmitting, with the firstcomputing device, the result R₃ to the second computing device. Finally,at step 218, the process 20 includes Bob applying, with the secondcomputing device, the second inverse cryptographic function F⁻¹ _(B) tothe result R₃ to arrive at the secret key X.

At the end of the process 20, the secret key X has been securelycommunicated from Alice to Bob. In contrast to the asymmetric keyprocess described above with reference to FIG. 1 , key pairs are notused in the process 20.

The general idea embodied in the process 20 is based on certain featuresof the publically unknown vectors X and the publically available(potentially visible) vectors R. Particularly, the number of variables“n” of the vectors X {x₁, . . . , x_(n)} is always more than the numberof variables “m” of the vectors R={r₁, . . . , r_(m)}, i.e., n>m. Thus,there are no known algorithms which give a definite decryption solutionof the secret key X, based only on visible values of the vectors R inthe public networks. From this point of view, the method iscryptanalysis resistant. To obtain the only solution x₁, . . . , x_(n)from the values r₁, . . . , r_(m) of the polynomial functions F_(A) andF_(B), the third party (e.g., outsider Eve) should have additionalinformation about the structure of the random vectors X_(A) and X_(B),which are available for Alice and Bob only. For instance, fromx₁+x₂+x₃=r₁, it is not possible for a third party to arrive at a singlesolution for x₁ with only the value of the variable r₁ being publicallyvisible, because the additional information about the values of thevariables x₂+x₃ are not known.

A comparison of the features of asymmetrical methods and the methoddescribed herein is give in Table 1 below.

TABLE 1 Public-Private Key PWN Three Features Asymmetrical (RSA, ECC)Pass Method Numbers Prime Numbers Any Random Numbers Time to DevelopRelatively More Costly Negligible New Key Processing Time RelativelyMore Costly Negligible Inverse Function From Relatively Complex InverseFunction Public Key Does Not Exist Third Party Defeat Possible NeverPublic Network Output Constant, predictable Random, For Constant Inputunpredictable

An example of the use of the method described herein is provided below.Using the method, plain text (as a letter or ASCII code of 256 numbers)is represented in ciphered text by three corresponding random numbersr₁, r₂ and r₃ which are calculated by a random generator. Table 2 showsan example of how the plain text “This is a plain text” appears inciphered numbers.

TABLE 2 Plain text Ciphered text text r₁ r₂ r₃ T 0.001251 0.5635850.003585 h 0.193304 0.808741 0.158307 i 0.585009 0.479873 0.28051 s0.350291 0.895962 0.313555 0.82284 0.746605 0.614412 i 0.174108 0.8589430.151801 s 0.710501 0.513535 0.363394 0.303995 0.014985 0.006167 a0.091403 0.364452 0.035009 0.147313 0.165899 0.02575 p 0.988525 0.4456920.438709 1 0.119083 0.004669 0.001204 i a 0.00891 1 0.37788 0.005292 i0.531663 0.571184 0.303183 n 0.601764 0.607166 0.363988 0.1662340.663045 0.113037 t 0.450789 0.352123 0.159469 e 0.057039 0.6076850.037377 x 0.783319 0.802606 0.623152 t 0.519883 0.30195 0.157851

Uniform distribution is called “white noise” due to its informativefeatures. For the letter ‘A’ (ASCII code 65), as one example, the randomnumbers may appear over the public net as r₁=0.001251, r₂=0.563585,r₃=0.560746 or r₁=0.585009, r₂=0.479873, r₃=0.105796 and every time therandom variables r₁, r₂, r₃ will be unpredictable. The correlationfunction between any two variables x and y is estimated as follows:

$\begin{matrix}{{{corr}\left( {x,y} \right)} = {\frac{\sum{\left( {x - \overset{\_}{x}} \right)\left( {y - \overset{\_}{y}} \right)}}{\sqrt{\sum{\left( {x - \overset{\_}{x}} \right)^{2}{\sum\left( {{y -}\overset{\_}{y}} \right)^{2}}}}}.}} & (2)\end{matrix}$

The results of correlation function evaluation for pairs (r₁, r₂), (r₂,r₃) and (r₁, r₃) are given in Table 3 below.

TABLE 3 corr (r₁, r₂) corr (r₂, r₃) corr (r₁, r₃) −0.013927 −0.002873−0.010771

The correlation is negligibly small, which means that cipheredinformation is encapsulated into white noise and is not analyzable by athird party. There are no known algorithms to decrypt the cipheredinformation without the encryption key.

In the approaches described herein, there are neither restrictions norrequirements on the encryption key number and length. All keys are equalin terms of crypt analysis resistance. Additionally, there are nocorrelations between the plain text and the ciphered random numbers (r₁,r₂, r₃), as the combinations of them are unpredictable. There are noknown algorithms which can decrypt ciphered random numbers (r₁, r₂, r₃)into plain text without the key. There are no known algorithms which canrecalculate the encryption key using visible ciphered random numbers(r₁, r₂, r₃) and visible plain text. There is no need for rotation ofencryption keys if a physical, completely unpredictable random numbergenerator is used. The series repetition period of real random numbers(r₁, r₂, r₃) is infinite.

Computational time needed to encrypt and decrypt data by the methoddescribed herein is significantly smaller than commonly used algorithms.Since the method uses polynomial functions, the transaction of numbers(or ASCII) should be controlled by calculation procedures. The analysisof 25,600,000 transactions demonstrates that the final error of thesecret key value estimate does not exceed 0.001%. This means that, forexample, the transaction of the letter ‘A,’ which is represented by theinteger number 65 (ASCII), after all transformations from client toserver could be calculated to be a number about 64.9999 (and depends inpart on the random generator variables during the transaction).

A comparison of the features of a standard symmetrical method and themethod described herein are given in Table 4 below.

TABLE 4 WNT One Pass Transaction Symmetrical (in combination with ThreeFeatures FIPS Pub 197 Pass Transaction) Encryption Key Rotation MustHave Not Needed Processing time Costly Negligible Security resistanceand Strong relation No Relation key length Hack Costly Never(Potentially Impossible) Public net output for Constant, Random,Unpredictable constant input (without Predictable key rotation)

A computer program was developed to implement the method describedherein. As shown in FIG. 4 , Alice securely sends her secret text “Hellobob” to Bob using the three pass transaction. In FIG. 4 , random valuesappear to a third party during the three pass transaction (speciallyshown in the blue box).

Among other benefits, the processes described herein can be used toachieve unbreakable (or nearly unbreakable) encryption over wireless,wired, and public networks, and against quantum computing attacks. Itrequires relatively little processing power for encrypting anddecrypting and, thus, can be used for rapid verification andtransactions. A practically limitless number of new keys can begenerated on the fly. Thus, the keys can be changed on everytransaction. Encryption and decryption can also occur on individualdevices due to the high speed of encryption and low processingrequirements. Further, there is no single point of compromise becauseevery individual party has their own key. If a key is compromised, it isthe one compromised and can be renewed or replaced.

An outline of various problems encountered and solutions that can beprovided by the cryptographic systems described herein are given inTable 5 below.

TABLE 5 Problem Solution Establishing a secure and reliable Digital IDsystem in the cloud for ID for all transactions processing Ids ID systemonly used for registration and verification Information unhackableHaving a secure payment system Payment system using ID that eliminatesfraud Email, internet banking, wireless transaction Cryptocurrency thatis secure Absolutely secure, stable, and and stable based on verifiableIDs Fast enough and secure trading Rapid trading and verification systemfor cryptocurrencies Trading exchanges connected to Exchange MobilePayments Integrity over wireless signals and public net Transactionscannot be defrauded via screening or copying Key Management System Cloudkey management service ID system to outsource all key managementresponsibilities People forget passwords and Pass eliminates the use ofpasswords are a weak point in passwords using ID center security

FIG. 5 illustrates a more particular example of a secret key transferprocess 30 according to the concepts described herein. While an exampleusing square matrices of a certain size is provided below, the conceptsdescribed herein can be extended to use with square matrices of anysize. Further, although the example below is presented in certain casesas steps between “Alice” and “Bob,” the process is conducted bycomputing systems or devices.

At the outset, consider the key to be exchanged, K, as a sequence of mbytes, each including one of the ASCII codes from 0 to 255, as follows:

K={k ₁ ,k ₂ , . . . ,k _(m)},0≤k _(i)≤255.

For example, the key string “ABCD” can be presented as ASCII codesK={65, 66, 67, 68}. A sequence of real numbers X can then be defined asa transformation of the key numbers (i.e., k₁, k₂, k_(m)), which areintegers, into real ones, as follows:

X=Φ(K),Φ:N ^(m) →R ^(m) and

X={x ₁ ,x ₂ , . . . ,x _(m) },x _(i) ∈R.

The sequence of real numbers is put into set of second order squarematrices, as follows:

$X = {{❘\begin{matrix}x_{1} & x_{2} \\x_{3} & x_{4}\end{matrix}❘}\ldots{❘\begin{matrix}x_{m - 3} & x_{m - 2} \\x_{m - 1} & x_{m}\end{matrix}❘}}$

If the number of real key numbers is not multiple of four, the lastmatrix is not fully filled in. In this case, the rest of the matrixmembers can be generated and added as any random numbers withoutinfluencing the algorithm.

Now, assume that Alice wants to pass the secret key K to Bob. Forsimplicity, however, consider one square matrix X, as follows:

$X = {❘\begin{matrix}x_{1} & x_{2} \\x_{3} & x_{4}\end{matrix}❘}$

The matrix X decomposes into two singular matrices Z₁ and Z₂

X = Z₁Z₂, ${Z_{1} = {❘\begin{matrix}Z_{1} & Z_{2} \\Z_{3} & \frac{Z_{2}Z_{3}}{Z_{3}}\end{matrix}❘}},{and}$ $Z_{2} = {❘\begin{matrix}Z_{4} & Z_{5} \\Z_{6} & \frac{Z_{3}Z_{5}}{Z_{6}}\end{matrix}❘}$

At step 302, the process includes forming the matrix X as a singularmatrix using a number of the real key numbers of the secret key K basedon the following relationship x₄=x₂x₃/x₁. In that case, the inverse ofmatrix X, or X⁻¹, does not exist (see properties of singular matricesand matrix determinants in APPENDIX). In that case, the matrix Xrepresents a portion of the secret key K, {k₁, k₂, k₃}.

As part of a first pass transaction, at step 302, the process furtherincludes generating a uniformly distributed random matrices Y₁, Y₂ andinverse matrices Y₁ ⁻¹, Y₂ ⁻¹, as follows:

${Y_{1} = {❘\begin{matrix}y_{1} & y_{2} \\y_{3} & y_{4}\end{matrix}❘}},$ ${Y_{1}^{- 1} = \frac{❘\begin{matrix}y_{4} & {- y_{2}} \\{- y_{3}} & y_{1}\end{matrix}❘}{{y_{1}y_{4}} - {y_{2}y_{3}}}},{y_{i} \in R},{{y_{1}y_{4}} \neq {y_{2}y_{3}}},$${Y_{2} = {❘\begin{matrix}y_{5} & y_{6} \\y_{7} & y_{8}\end{matrix}❘}},{and}$ ${Y_{2}^{- 1} = \frac{❘\begin{matrix}y_{8} & {- y_{6}} \\{- y_{7}} & y_{5}\end{matrix}❘}{{y_{5}y_{8}} - {y_{6}y_{7}}}},{y_{i} \in R},{{y_{5}y_{8}} \neq {y_{6}{y_{7}.}}}$

At step 302, the process also includes generating uniformly distributedrandom centrosymmetric A₁, A₂, B₁, B₂, and inverse A₁ ⁻¹, A₂ ⁻¹, B₁ ⁻¹,B₂ ⁻¹ matrices as follows:

${A_{1} = {❘\begin{matrix}a_{1} & a_{2} \\a_{2} & a_{1}\end{matrix}❘}},$ ${A_{2} = {❘\begin{matrix}a_{3} & a_{4} \\a_{4} & a_{3}\end{matrix}❘}},$ ${A_{1}^{- 1} = \frac{❘\begin{matrix}a_{1} & {- a_{2}} \\{- a_{2}} & a_{1}\end{matrix}❘}{a_{1}^{2} - a_{2}^{2}}},$${A_{2}^{- 1} = \frac{❘\begin{matrix}a_{3} & a_{4} \\a_{4} & a_{3}\end{matrix}❘}{a_{3}^{2} - a_{4}^{2}}},{a_{i} \in R},{a_{1}^{2} \neq a_{2}^{2}},{a_{3}^{2} \neq a_{4}^{2}},$${B_{1} = {❘\begin{matrix}b_{1} & b_{2} \\b_{2} & b_{1}\end{matrix}❘}},$ ${B_{2} = {❘\begin{matrix}b_{3} & b_{4} \\b_{4} & b_{3}\end{matrix}❘}},$ ${B_{1}^{- 1} = \frac{❘\begin{matrix}b_{1} & {- b_{2}} \\{- b_{2}} & b_{1}\end{matrix}❘}{b_{1}^{2} - b_{2}^{2}}},$${B_{2}^{- 1} = {❘\begin{matrix}b_{3} & {- b_{4}} \\{- b_{4}} & b_{3}\end{matrix}❘}},{b_{i} \in R},{b_{1}^{2} \neq b_{2}^{2}},{b_{3}^{2} \neq {b_{4}^{2}.}}$

Centrosymmetric square matrices A and B are always of the form AB=BA.

At step 304, the process includes Alice generating and sending matricesM₁ and M₂ to Bob, as follows:

${M_{1} = {❘\begin{matrix}m_{1}^{(1)} & m_{2}^{(1)} \\m_{3}^{(1)} & m_{4}^{(1)}\end{matrix}❘}},$ ${M_{2} = {❘\begin{matrix}m_{1}^{(2)} & m_{2}^{(2)} \\m_{3}^{(2)} & m_{4}^{(2)}\end{matrix}❘}},$ ${M_{3} = {❘\begin{matrix}m_{1}^{(3)} & m_{2}^{(3)} \\m_{3}^{(3)} & m_{4}^{(3)}\end{matrix}❘}},{and}$ ${M_{4} = {❘\begin{matrix}m_{1}^{(4)} & m_{2}^{(4)} \\m_{3}^{(4)} & m_{4}^{(4)}\end{matrix}❘}},$

which are generated according to the following calculations:

M ₁ =Y ₁ A ₁,  (3)

M ₂ =B ₁ Y ₁ ⁻¹ Z ₁,  (4)

M ₃ =Y ₂ A ₂, and  (5)

M ₄ =B ₂ Y ₂ ⁻¹ Z ₂,  (6)

Thus, at step 304, Alice sends to Bob fourteen publicly visible values(m₁ ⁽¹⁾, m₂ ⁽¹⁾, m₃ ⁽¹⁾, m₄ ⁽¹⁾, m₁ ⁽²⁾, m₂ ⁽²⁾, m₃ ⁽²⁾, m₁ ⁽³⁾, m₂ ⁽³⁾,m₃ ⁽³⁾, m₄ ⁽³⁾, m₁ ⁽⁴⁾, m₂ ⁽⁴⁾, m₃ ⁽⁴⁾) of matrices M₁, M₂, M₃ and M₄that are calculated from twenty-two independent unknown (for the thirdparty) variables (a₁, a₂, a₃, a₄, b₁, b₂, b₃, b₄, y₁, y₂, y₃, y₄, y₅,y₆, y₇, y₈, z₁, z₂, z₃, z₄, z₅, z₆) known by Alice only, as follows:

m₁⁽¹⁾ = a₁y₁ + a₂y₂, m₂⁽¹⁾ = a₂y₁ + a₁y₂, m₃⁽¹⁾ = a₁y₃ + a₂y₄,m₄⁽¹⁾ = a₂y₃ + a₁y₄,${m_{1}^{(2)} = \frac{{b_{1}\left( {{x_{1}y_{4}} - {x_{3}y_{2}}} \right)} + {b_{2}\left( {{x_{3}y_{1}} - {x_{1}y_{3}}} \right)}}{{y_{1}y_{4}} - {y_{2}y_{3}}}},$${m_{2}^{(2)} = \frac{{b_{1}\left( {{x_{2}y_{4}} - {y_{2}x_{2}x_{3}/x_{1}}} \right)} + {b_{2}\left( {{y_{1}x_{2}x_{3}/x_{1}} - {x_{2}y_{3}}} \right)}}{{y_{1}y_{4}} - {y_{2}y_{3}}}},$$m_{3}^{(2)} = \frac{{b_{2}\left( {{x_{1}y_{4}} - {x_{3}y_{2}}} \right)} + {b_{1}\left( {{x_{3}y_{1}} - {x_{1}y_{3}}} \right)}}{{y_{1}y_{4}} - {y_{2}y_{3}}}$m₁⁽³⁾ = a₃y₅ + a₄y₆, m₂⁽³⁾ = a₄y₅ + a₃y₆, m₃⁽³⁾ = a₃y₇ + a₄y₈,m₄⁽³⁾ = a₄y₇ + a₃y₈,${m_{1}^{(4)} = \frac{{b_{3}\left( {{x_{4}y_{8}} - {x_{6}y_{6}}} \right)} + {b_{4}\left( {{x_{6}y_{5}} - {x_{4}y_{7}}} \right)}}{{y_{5}y_{4}} - {y_{6}y_{8}}}},$${m_{2}^{(4)} = \frac{{b_{3}\left( {{x_{5}y_{8}} - {y_{6}\frac{x_{5}x_{6}}{x_{4}}}} \right)} + {b_{4}\left( {{y_{5}\frac{x_{5}x_{6}}{x_{4}}} - {x_{5}y_{7}}} \right)}}{{y_{5}y_{8}} - {y_{6}y_{7}}}},{and}$$m_{3}^{(4)} = {\frac{{b_{4}\left( {{x_{4}y_{8}} - {x_{6}y_{6}}} \right)} + {b_{3}\left( {{x_{6}y_{5}} - {x_{x}y_{7}}} \right)}}{{y_{5}y_{8}} - {y_{6}y_{7}}}.}$

The variable m₄ ⁽²⁾ and m₄ ⁽⁴⁾ of the singular matrices M₂ and M₂ areused as m₄ ⁽²⁾=m₂ ⁽²⁾m₃ ⁽²⁾/m₁ ⁽²⁾ and m₄ ⁽²⁾=m₂ ⁽²⁾m₃ ⁽²⁾/m₁ ⁽²⁾.

As a second pass transaction, at step 306, the process includes Bobreceiving the M₁ and M₂ matrices from Alice. At step 306, the processincludes generating uniformly distributed random centrosymmetricmatrices C₁, C₂ and inverse C₁ ⁻¹, C₂ ⁻¹ matrices, as follows:

${C_{1} = {❘\begin{matrix}c_{1} & c_{2} \\c_{2} & c_{1}\end{matrix}❘}},$ ${C_{2} = {❘\begin{matrix}c_{3} & c_{4} \\c_{4} & c_{3}\end{matrix}❘}},$ ${C_{1}^{- 1} = \frac{❘\begin{matrix}c_{1} & {- c_{2}} \\{- c_{2}} & c_{1}\end{matrix}❘}{c_{1}^{2} - c_{2}^{2}}},{c_{i} \in R},{c_{1}^{2} \neq c_{2}^{2}},{and}$${C_{2}^{- 1} = \frac{❘\begin{matrix}c_{3} & {- c_{4}} \\{- c_{4}} & c_{3}\end{matrix}❘}{c_{3}^{2} - c_{4}^{2}}},{c_{i} \in R},{c_{3}^{2} \neq {c_{4}^{2}.}}$

The process at step 306 also includes generating uniformly distributedrandom matrices D and H, as follows:

${D = {❘\begin{matrix}d_{1} & d_{2} \\d_{3} & d_{4}\end{matrix}❘}},{and}$ ${H = {❘\begin{matrix}h_{1} & h_{2} \\h_{3} & h_{4}\end{matrix}❘}},d_{i},{h_{i} \in R},{{d_{1}d_{4}} \neq {d_{2}d_{3}}},{{h_{1}h_{4}} \neq {h_{2}{h_{3}.}}}$

The process at step 306 also includes generating corresponding inversematrices D⁻¹ and H⁻¹, as follows:

${D^{- 1} = \frac{❘\begin{matrix}d_{1} & d_{2} \\d_{3} & d_{4}\end{matrix}❘}{{d_{1}d_{4}} - {d_{2}d_{3}}}},{and}$$H^{- 1} = {\frac{❘\begin{matrix}h_{1} & h_{2} \\h_{3} & h_{4}\end{matrix}❘}{{h_{1}h_{4}} - {h_{2}h_{3}}}.}$

The process at step 306 also includes generating the matrices M₅, M₆, M₇and M₈, as follows:

${M_{5} = {❘\begin{matrix}m_{1}^{(5)} & m_{2}^{(5)} \\m_{3}^{(5)} & m_{4}^{(5)}\end{matrix}❘}},$ ${M_{6} = {❘\begin{matrix}m_{1}^{(6)} & m_{2}^{(6)} \\m_{3}^{(6)} & m_{4}^{(6)}\end{matrix}❘}},$ ${M_{7} = {❘\begin{matrix}m_{1}^{(7)} & m_{2}^{(7)} \\m_{3}^{(7)} & m_{4}^{(7)}\end{matrix}❘}},{and}$ ${M_{8} = {❘\begin{matrix}m_{1}^{(8)} & m_{2}^{(8)} \\m_{3}^{(8)} & m_{4}^{(8)}\end{matrix}❘}},$

as a result of the following calculations:

M ₅ =DM ₁ C ₁ ⁻¹ =D ₁ Y ₁ A ₁ C ₁ ⁻¹,  (7)

M ₆ =C ₁ M ₂ E=C ₁ B ₁ Y ₁ ⁻¹ Z ₁ E,  (8)

M ₇ =E ⁻¹ M ₃ C ₂ ⁻¹ =E ⁻¹ YA ₂ C ₂ ⁻¹, and  (9)

M ₈ =C ₂ M ₄ H=C ₂ B ₂ Y ₂ ⁻¹ Z ₂ H,  (10)

At step 308, the process includes Bob sending to Alice fourteen publiclyvisible values (m₁ ⁽⁵⁾, m₂ ⁽⁵⁾, m₃ ⁽⁵⁾, m₄ ⁽⁵⁾, m₁ ⁽⁶⁾, m₂ ⁽⁶⁾, m₃ ⁽⁶⁾,m₁ ⁽⁷⁾, m₂ ⁽⁷⁾, m₃ ⁽⁷⁾, m₄ ⁽⁷⁾, m₁ ⁽⁸⁾, m₂ ⁽⁸⁾, m₃ ⁽⁸⁾) of matrices M₃and M₄ that are calculated from sixteen independent unknown (for thethird party) variables (c₁, c₂, c₃, c₄, d₁, d₂, d₃, d₄, e₁, e₂, e₃, e₄,h₁, h₂, h₃, h₄) which are known by Bob only, as follows:

${m_{1}^{(5)} = \frac{{c_{1}\left( {{d\text{?}m\text{?}} + {d_{2}m\text{?}}} \right)} - {c_{2}\left( {{d\text{?}m\text{?}} + {d\text{?}m_{4}^{(1)}}} \right)}}{{c\text{?}} - {c\text{?}}}},$${m_{2}^{(5)} = \frac{{c_{1}\left( {{d\text{?}m\text{?}} + {d_{2}m\text{?}}} \right)} - {c_{2}\left( {{d\text{?}m\text{?}} + {d\text{?}m_{4}^{(1)}}} \right)}}{{c\text{?}} - {c\text{?}}}},$${m_{3}^{(5)} = \frac{{c_{1}\left( {{d\text{?}m\text{?}} + {d_{2}m\text{?}}} \right)} - {c_{2}\left( {{d\text{?}m\text{?}} + {d\text{?}m_{4}^{(1)}}} \right)}}{{c\text{?}} - {c\text{?}}}},$${m_{4}^{(5)} = \frac{{c_{1}\left( {{d\text{?}m\text{?}} + {d_{2}m\text{?}}} \right)} - {c_{2}\left( {{d\text{?}m\text{?}} + {d\text{?}m_{4}^{(1)}}} \right)}}{{c\text{?}} - {c\text{?}}}},$m₁⁽⁶⁾ = (c₁m₁⁽²⁾ + c₂m₃⁽²⁾)e₁ + (c₁m₂⁽²⁾ + c₂m₄⁽²⁾)e₃,m₂⁽⁶⁾ = (c₁m₁⁽²⁾ + c₂m₃⁽²⁾)e₂ + (c₃m₂⁽²⁾ + c₂m₄⁽²⁾)e₄,m₃⁽⁶⁾ = (c₂m₁⁽²⁾ + c₁m₃⁽²⁾)e₁ + (c₂m₂⁽²⁾ + c₁m₄⁽²⁾)e₃,m₄⁽⁶⁾ = m₂⁽⁶⁾m₃⁽⁶⁾/m₁⁽⁶⁾,${m_{1}^{(7)} = \frac{{c\text{?}\left( {{c\text{?}m_{1}^{(3)}} - {c\text{?}m\text{?}}} \right)} - {c_{4}\left( {{c\text{?}m_{2}^{(3)}} - {c\text{?}m\text{?}}} \right)}}{\left( {c_{3}^{2} - c_{4}^{2}} \right)\left( {{e_{1}e_{4}} - {e_{2}e_{3}}} \right)}},$${m_{2}^{(7)} = \frac{{c\text{?}\left( {{c\text{?}m_{2}^{(3)}} - {c\text{?}m\text{?}}} \right)} - {c_{4}\left( {{c\text{?}m\text{?}} - {c\text{?}m\text{?}}} \right)}}{\left( {c_{3}^{2} - c_{4}^{2}} \right)\left( {{e_{1}e_{4}} - {e_{2}e_{3}}} \right)}},$${m_{3}^{(7)} = \frac{{c\text{?}\left( {{c\text{?}m_{3}^{(3)}} - {c\text{?}m\text{?}}} \right)} - {c_{4}\left( {{c\text{?}m\text{?}} - {c\text{?}m\text{?}}} \right)}}{\left( {c_{3}^{2} - c_{4}^{2}} \right)\left( {{e_{1}e_{4}} - {e_{2}e_{3}}} \right)}},$${m_{4}^{(7)} = \frac{{c\text{?}\left( {{c\text{?}m_{4}^{(3)}} - {c\text{?}m\text{?}}} \right)} - {c_{4}\left( {{c\text{?}m\text{?}} - {c\text{?}m\text{?}}} \right)}}{\left( {c_{3}^{2} - c_{4}^{2}} \right)\left( {{e_{1}e_{4}} - {e_{2}e_{3}}} \right)}},$m₁⁽⁸⁾ = (c₃m₁⁽⁴⁾ + c₄m₃⁽⁴⁾)h₁ + (c₃m₂⁽⁴⁾ + c₄m₄⁽⁴⁾)h₃,m₂⁽⁸⁾ = (c₃m₁⁽⁴⁾ + c₄m₃⁽⁴⁾)h₂ + (c₃m₂⁽⁴⁾ + c₄m₄⁽⁴⁾)h₄,m₃⁽⁸⁾ = (c₄m₁⁽⁴⁾ + c₃m₃⁽⁴⁾)h₁ + (c₄m₂⁽⁴⁾ + c₃m₄⁽⁴⁾)h₃,?indicates text missing or illegible when filed

and

As a third pass transaction, at step 310, the process includes Alicereceiving from Bob the matrices M₅, M₆, M₇ and M₈ as follows:

M ₅ =DY ₁ A ₁ C ₁ ⁻¹,

M ₆ =C ₁ B ₁ Y ₁ ⁻¹ Z ₁ E,

M ₇ =E ⁻¹ Y ₂ A ₂ C ₂ ⁻¹, and

M ₈ =CBY ⁻¹ XH.

Note that centrosymmetric matrices satisfy the following conditions:

AC ⁻¹ =C ⁻¹ A and

CB=BC,

meaning that the matrices M₅, M₆, M₇, and M₈ can be transformed into:

M ₅ =DY ₁ A ₁ C ₁ ⁻¹ =DY ₁ C ₁ ⁻¹ A ₁,

M ₆ =C ₁ B ₁ Y ₁ ⁻¹ Z ₁ E=B ₁ C ₁ Y ₁ ⁻¹ Z ₁ E,

M ₇ =E ⁻¹ Y ₂ A ₂ C ₂ ⁻¹ =E ⁻¹ Y ₂ C ₂ ⁻¹ A ₂, and

M ₈ =C ₂ B ₂ Y ₂ ⁻¹ Z ₂ H=B ₂ C ₂ Y ₂ ⁻¹ Z ₂ H.

Thus, at step 312, the process includes multiplying the matrices M₅, M₆,M₇ and M₈ with the known inverse matrices A₁ ⁻¹, A₂ ⁻¹, B₁ ⁻¹ and B₂ ⁻¹,respectively, as follows:

M ₅ A ₁ ⁻¹ =DY ₁ C ₁ ⁻¹ A ₁ A ₁ ⁻¹ =DY ₁ C ₁ ⁻¹,

B ₁ ⁻¹ M ₆ =B ₁ ⁻¹ B ₁ C ₁ Y ₁ ⁻¹ Z ₁ E=C ₁ Y ₁ ⁻¹ Z ₁ E,

M ₇ A ₂ ⁻¹ =E ⁻¹ Y ₂ C ₂ ⁻¹ A ₂ A ₂ ⁻¹ =E ⁻¹ Y ₂ C ₂ ⁻¹, and

B ₂ ⁻¹ M ₈ =B ₂ ⁻¹ B ₂ C ₂ Y ₂ ⁻¹ Z ₂ H=C ₂ Y ₂ ⁻¹ Z ₂ H.

Further, at step 314, the process includes multiplying the results ofthose together to arrive at the matrix M₅, as follows:

M₉ = M₅A₁⁻¹B₁⁻¹M₆M₇A₂⁻¹B₂⁻¹M₈,M₉ = DY₁C₁⁻¹C₁Y₁⁻¹Z₁EE⁻¹Y₂C₂⁻¹C₂Y₂⁻¹Z₂H = DZ₁Z₂H, suchthat$\begin{matrix}{{M_{9} = {DXH}},{and}} & (11)\end{matrix}$ $M_{9} = {{❘\begin{matrix}m_{1}^{(9)} & m_{2}^{(9)} \\m_{3}^{(9)} & m_{4}^{(9)}\end{matrix}❘}.}$

At step 316, the process includes Alice sending the following threepublicly visible values to Bob (m₁ ⁽⁹⁾, m₂ ⁽⁹⁾, m₃ ⁽⁹⁾), as follows:

m ₁ ⁽⁹⁾=(d ₁ x ₁ +d ₂ x ₃)h ₁+(d ₁ x ₂ +d ₂ x ₄)h ₃,

m ₂ ⁽⁹⁾=(d ₁ x ₁ +d ₂ x ₃)h ₂+(d ₁ x ₂ +d ₂ x ₄)h ₄,

m ₃ ⁽⁹⁾=(d ₃ x ₁ +d ₄ x ₃)h ₁+(d ₃ x ₂ +d ₄ x ₄)h ₃, and

m ₄ ⁽⁹⁾ =m ₃ ⁽⁹⁾ m ₂ ⁽⁹⁾ /m ₁ ⁽⁹⁾.

Thus, as part of the final key restoration at step 316, Bob receives thematrix M9 from Alice, as follows:

M ₉ =DXH.

At step 318, the process includes Bob restoring the key X from Alice byusing inverse matrices D⁻¹ and H⁻¹, which are known to Bob, and thematrix M₅, as follows:

D ⁻¹ M ₉ H ⁻¹ =D ⁻¹ DXHH ⁻¹ =X.

As shown in Table 6 below, the entire scheme of the key exchange processcan be performed using an exchange of matrices with a correspondingnumber of different unknown independent variables (underlined in Table6) and visible (by the third party) values (bolded in Table 6). Thisscheme demonstrates that the number of unknown independent variablesalways exceeds the number of visible independent values in anycombination of subsets of matrices.

This means that the system of nonlinear equations is an indeterminatesystem. There are no algorithms for the third party to obtain unknownindependent variables including the secret key X using the visibleindependent values.

TABLE 6 Independent Variables Variables Values 1 Alice Y₁A₁ A₁[2], Y₁[4]22 M₁[4] 4 14 B₁Y₁ ⁻¹Z₁ B₁[2], Z₁[3] M₂[4] 3 Y₂A₂ A₂[2], Y₂[4] M₃[4] 4B₂Y₂ ⁻¹Z₂ B₂[2], Z₂[3] M₄[4] 3 2 Bob DY₁A₁C₁ ⁻¹ D [4], C₁[2] 16 M₅[4] 414 C₁B₁Y₁ ⁻¹ Z₁E E [4] M₆[4] 3 B⁻¹Y₂A₂C₂ ⁻¹ M₇[4] 4 C₂B₂Y₂ ⁻1 Z₂H C₂[2],H [4] M₈[4] 3 3 Alice DXH M₉[3] 3 3 Total 38 31

The direct restoration of the matrix X (using formula transformations ofEqs. 3-11 is also impossible. Note that the matrix X is singular. Itleads to several features, which are used to perform the key exchangealgorithm resistant against the third party decryption (see APPENDIX):

The matrices M₂, M₄, M₆, M₈, and M₉

M ₂ =B ₁ Y ₁ ⁻¹ Z ₁,

M ₄ =B ₂ Y ₂ ⁻¹ Z ₂,

M ₆ =C ₁ B ₁ Y ₁ ⁻¹ Z ₁ E,

M ₈ =C ₂ B ₂ Y ₂ ⁻¹ Z ₂ H, and

M ₉ =DZ ₁ Z ₂ H

are also singular (due to the matrices Z₁ and Z₂ being singular).

Thus, the equation M₅L₁M₆M₇L₂M₈=M₉ (from the Eqs. 7-10) can not beresolved in regards to centrosymmetric matrices L₁=A₁ ⁻¹B₁ ⁻¹ and L₂=A₂⁻¹B₂ ⁻¹ by the third party as far as the matrix M₉ is singular so, thedirect calculation X=M₁L₁M₂M₃L₂M₄ is not possible.

The concepts described herein can be used for other cryptographicoperations, such as key exchanging using authentication. FIG. 6illustrates an example secret material or key exchanging process usingauthentication according to the concepts described herein.

As shown in FIG. 6 , Alice wants to pass the secret key K to Bob. Theyuse Ed as an independent party for authentication. In the transaction,the square singular matrix

$X = {❘\begin{matrix}x_{1} & x_{2} \\x_{3} & x_{4}\end{matrix}❘}$

is used to represent the key K={k₁, k₂, k₃}, where x₄=x₂x₃/x₁.

It is assumed that Alice and Bob both have passed the authenticationprocedure and both have got corresponding session numbers N₁ ^(A), N₂^(A) and N₁ ^(B), N₂ ^(B) from Ed according to the concepts describedabove.

Alice and Bob form centrosymmetric matrices N^(A) and N^(B)correspondently, as follows:

$N_{A} = {{{❘\begin{matrix}N_{1}^{A} & N_{2}^{A} \\N_{2}^{A} & N_{1}^{A}\end{matrix}❘}{and}N_{AB}} = {{❘\begin{matrix}N_{1}^{B} & N_{2}^{B} \\N_{2}^{B} & N_{1}^{B}\end{matrix}❘}.}}$

As part of a first pass transaction, at step 402, the process 40includes Alice generating uniformly distributed random matrices Y₁, Y₂and inverse matrices Y₁ ⁻¹, Y₂ ⁻¹, as follows:

${Y_{1} = {❘\begin{matrix}y_{1} & y_{2} \\y_{3} & y_{4}\end{matrix}❘}},$ ${Y_{1}^{- 1} = \frac{❘\begin{matrix}y_{4} & {- y_{2}} \\{- y_{3}} & y_{1}\end{matrix}❘}{{y_{1}y_{4}} - {y_{2}y_{3}}}},{y_{i} \in R},{{y_{1}y_{4}} \neq {y_{2}y_{3}}},$${Y_{2} = {❘\begin{matrix}y_{5} & y_{6} \\y_{7} & y_{8}\end{matrix}❘}},{and}$ ${Y_{2}^{- 1} = \frac{❘\begin{matrix}y_{5} & {- y_{6}} \\{- y_{7}} & y_{8}\end{matrix}❘}{{y_{5}y_{8}} - {y_{6}y_{7}}}},{y_{i} \in R},{{y_{5}y_{8}} \neq {y_{6}{y_{7}.}}}$

Alice also generates uniformly distributed random centrosymmetricmatrices A and B, as follows:

${A_{1} = {❘\begin{matrix}a_{1} & a_{2} \\a_{2} & a_{1}\end{matrix}❘}},$ ${A_{2} = {❘\begin{matrix}a_{3} & a_{4} \\a_{4} & a_{3}\end{matrix}❘}},$ ${A_{1}^{- 1} = \frac{❘\begin{matrix}a_{1} & {- a_{2}} \\{- a_{2}} & a_{1}\end{matrix}❘}{a_{1}^{2} - a_{2}^{2}}},$${A_{2}^{- 1} = \frac{❘\begin{matrix}a_{3} & a_{4} \\a_{4} & a_{3}\end{matrix}❘}{a_{3}^{2} - a_{4}^{2}}},{a_{i} \in R},{a_{1}^{2} \neq a_{2}^{2}},{a_{3}^{2} \neq a_{4}^{2}},$${B_{1} = {❘\begin{matrix}b_{1} & b_{2} \\b_{2} & b_{1}\end{matrix}❘}},$ ${B_{2} = {❘\begin{matrix}b_{3} & b_{4} \\b_{4} & b_{3}\end{matrix}❘}},$ ${B_{2}^{- 1} = {❘\begin{matrix}b_{3} & {- b_{4}} \\{- b_{4}} & b_{3}\end{matrix}❘}},{b_{i} \in R},{b_{1}^{2} \neq b_{2}^{2}},{b_{3}^{2} \neq b_{4}^{2}},$

Note that any centrosymmetric square matrices A and B always have thefollowing feature: AB=BA. At step 404, the process includes Alicesending to Bob results as matrices M₁ and M₂, as follows:

${M_{1} = {❘\begin{matrix}m_{1}^{(1)} & m_{2}^{(1)} \\m_{3}^{(1)} & m_{4}^{(1)}\end{matrix}❘}},$ ${M_{2} = {❘\begin{matrix}m_{1}^{(2)} & m_{2}^{(2)} \\m_{3}^{(2)} & m_{4}^{(2)}\end{matrix}❘}},$ ${M_{3} = {❘\begin{matrix}m_{1}^{(3)} & m_{2}^{(3)} \\m_{3}^{(3)} & m_{4}^{(3)}\end{matrix}❘}},{and}$ $M_{4} = {{❘\begin{matrix}m_{1}^{(4)} & m_{2}^{(4)} \\m_{3}^{(4)} & m_{4}^{(4)}\end{matrix}❘}.}$

of the following calculations:

M ₁ =Y ₁ A ₁,  (1B)

M ₂ =B ₁ Y ₁ ⁻¹ Z ₁,  (2B)

M ₃ =Y ₂ A ₂, and  (3B)

M ₄ =B ₂ Y ₂ ⁻¹ Z ₂.  (4B)

As part of a second pass transaction, at step 406, Bob receives M₁ andM₂ from Alice. Bob generates uniformly distributed randomcentrosymmetric matrices C₁, C₂ and inverse C₁ ⁻¹, C₂ ⁻¹ matrices, asfollows:

${C_{1} = {❘\begin{matrix}c_{1} & c_{2} \\c_{2} & c_{1}\end{matrix}❘}},$ ${C_{2} = {❘\begin{matrix}c_{3} & c_{4} \\c_{4} & c_{3}\end{matrix}❘}},$ ${C_{1}^{- 1} = \frac{❘\begin{matrix}c_{1} & {- c_{2}} \\{- c_{2}} & c_{1}\end{matrix}❘}{c_{1}^{2} - c_{2}^{2}}},{c_{i} \in R},{c_{1}^{2} \neq c_{2}^{2}},{and}$${C_{2}^{- 1} = \frac{❘\begin{matrix}c_{3} & {- c_{4}} \\{- c_{4}} & c_{3}\end{matrix}❘}{c_{3}^{2} - c_{2}^{2}}},{c_{i} \in R},{c_{3}^{2} \neq {c_{4}^{2}.}}$

and uniformly distributed random matrices D and H, as follows:

${D = {❘\begin{matrix}d_{1} & d_{2} \\d_{3} & d_{4}\end{matrix}❘}},{and}$ ${H = {❘\begin{matrix}h_{1} & h_{2} \\h_{3} & h_{4}\end{matrix}❘}},d_{i},{h_{i} \in R},{{d_{1}d_{4}} \neq {d_{2}d_{3}}},{{h_{1}h_{4}} \neq {h_{2}h_{3}}},$

and correspondent inverse matrices D⁻¹ and H⁻¹, as follows:

${D^{- 1} = \frac{❘\begin{matrix}d_{1} & d_{2} \\d_{3} & d_{4}\end{matrix}❘}{{d_{1}d_{4}} - {d_{2}d_{3}}}},{and}$$H^{- 1} = {\frac{❘\begin{matrix}h_{1} & h_{2} \\h_{3} & h_{4}\end{matrix}❘}{{h_{1}h_{4}} - {h_{2}h_{3}}}.}$

At step 406, Bob also obtains the matrices M₅, M₆, M₇ and M₈, defined asfollows:

${M_{5} = {❘\begin{matrix}m_{1}^{(5)} & m_{2}^{(5)} \\m_{3}^{(5)} & m_{4}^{(5)}\end{matrix}❘}},$ ${M_{6} = {❘\begin{matrix}m_{1}^{(6)} & m_{2}^{(6)} \\m_{3}^{(6)} & m_{4}^{(6)}\end{matrix}❘}},$ ${M_{7} = {❘\begin{matrix}m_{1}^{(7)} & m_{2}^{(7)} \\m_{3}^{(7)} & m_{4}^{(7)}\end{matrix}❘}},{and}$ ${M_{8} = {❘\begin{matrix}m_{1}^{(8)} & m_{2}^{(8)} \\m_{3}^{(8)} & m_{4}^{(8)}\end{matrix}❘}},$

as a result of the following calculations:

M ₅ =DM ₁ C ₁ ⁻¹ =D ₁ Y ₁ A ₁ C ₁ ⁻¹,  (5B)

M ₆ =C ₁ M ₂ E=C ₁ B ₁ Y ₁ ⁻¹ Z ₁ E,  (6B)

M ₇ =E ⁻¹ M ₃ C ₂ ⁻¹ =E ⁻¹ YA ₂ C ₂ ⁻¹, and  (7B)

M ₈ =C ₂ M ₄ H=C ₂ B ₂ Y ₂ ⁻¹ Z ₂ H,  (8B)

As part of a third pass transaction, at step 408, the process includesAlice generating a uniformly distributed random matrix G, as follows:

${G = {❘\begin{matrix}g_{1} & g_{2} \\g_{3} & g_{4}\end{matrix}❘}},{g_{i} \in {R.}}$

Alice receives from Bob the matrices M₅, M₆, M₇ and M₈, as follows:

M ₅ =DY ₁ A ₁ C ₁ ⁻¹ =DY ₁ C ₁ ⁻¹ A ₁,

M ₆ =C ₁ B ₁ Y ₁ ⁻¹ Z ₁ E=B ₁ C ₁ Y ₁ ⁻¹ Z ₁ E,

M ₇ =E ⁻¹ Y ₂ A ₂ C ₂ ⁻¹ =E ⁻¹ Y ₂ C ₂ ⁻¹ A ₂, and

M ₈ =C ₂ B ₂ Y ₂ ⁻¹ Z ₂ H=B ₂ C ₂ Y ₂ ⁻¹ Z ₂ H.

At step 408, the process also includes Alice multiplying both thematrices M₅, M₆, M₇ and M₈ with the inverse matrices which are known toher, A₁ ⁻¹, A₂ ⁻¹, B₁ ⁻¹ and B₂ ⁻¹, respectively, as follows:

B₁⁻¹M₆ = B₁⁻¹B₁C₁Y₁⁻¹Z₁E = C₁Y₁⁻¹Z₁E,B₁⁻¹M₆ = B₁⁻¹B₁C₁Y₁⁻¹Z₁E = C₁Y₁⁻¹Z₁E,M₇A₂⁻¹ = E⁻¹Y₂C₂⁻¹A₂A₂⁻¹ = E⁻¹Y₂C₂⁻¹, andB₂⁻¹M₈ = B₂⁻¹B₂C₂Y₂⁻¹Z₂H = C₂Y₂⁻¹Z₂H,M₅ = GM₅A₁⁻¹B₁⁻¹M₆M₇A₂⁻¹B₂⁻¹M₈ = GDY₁C₁⁻¹C₁Y₁⁻¹Z₁EE⁻¹Y₂C₂⁻¹C₂Y₂⁻¹Z₂H, such$\begin{matrix}{{M_{9} = {{GDXH}{where}}},} & \left( {9B} \right)\end{matrix}$ $M_{9} = {{❘\begin{matrix}m_{1}^{(9)} & m_{2}^{(9)} \\m_{3}^{(9)} & m_{4}^{(9)}\end{matrix}❘}.}$

At step 410, the process includes Alice sending three publicly visiblevalues to Bob, including (m₁ ⁽⁹⁾, m₂ ⁽⁹⁾, m₃ ⁽⁹⁾). The matrix M₉ issingular and m₄ ⁽⁹⁾=m₃ ⁽⁹⁾m₂ ⁽⁹⁾/m₁ ⁽⁹⁾. At step 412, Alice also sendsfour publicly visible values to Ed (m₁ ⁽⁶⁾,m₂ ⁽⁶⁾,m₃ ⁽⁶⁾,m₄ ⁽⁶⁾) of thematrix M₁₀, defined as:

${M_{10} = {❘\begin{matrix}m_{1}^{(10)} & m_{2}^{(10)} \\m_{3}^{(10)} & m_{4}^{(10)}\end{matrix}❘}},$

as a result of the following calculations:

M ₁₀ −N ^(A) G.  (9B)

For authentication, Ed receives the matrix M6 from Alice. At step 414,Ed sends to Bob the matrix M₁₁ using the inverse matrix (N^(A))⁻¹ andthe matrix N^(B) as follows:

M ₁₁ =N ^(B)(N ^(A))⁻¹ N ^(A) G=N ^(B) G,

M ₁₁ =N ^(B) G.  (10B).

As part of the final key restoration, at step 416, the process includesBob receiving the matrix M₁₁ from Ed and obtaining the matrix G usingthe inverse matrix (N^(B))⁻¹, as follows:

G=(N ^(B))⁻¹ M ₁₁=(N ^(B))⁻¹ N ^(B) G.

Bob also receives the matrix M₉ from Alice at step 410. Using inversematrices G⁻¹, D⁻¹, and H⁻¹, which are known to Bob, he can restore thekey X from the received matrix M₅ as follows:

D ⁻¹ G ⁻¹ M ₉ H ⁻¹ =D ⁻¹ G ⁻¹ GDXH H ⁻¹ =X.

The embodiments described herein can be implemented by either a methodor process or as a system or device. The method can be performed usingany suitable computing device, and the system can be embodied as anysuitable computing device. The computing device can include at least oneprocessing system, for example, having one or more processors andmemories electrically and communicatively coupled together using a localinterface. The local interface can be embodied as a data bus with anaccompanying address/control bus or other addressing, control, and/orcommand lines.

In various embodiments, the memory can store data and software orexecutable code components executable by the processor. For example, thememory can store executable-code components associated withcryptographic operations for execution by the processor. The software orexecutable-code components can be developed using or embodied in variousprogramming languages, such as, for example, C, C++, C#, Objective C,JAVA®, JAVASCRIPT®, Perl, PHP, VISUAL BASIC®, PYTHON®, RUBY, FLASH®, orother programming languages.

The embodiments can rely, in part, on executable instructions orinstructions for execution by the computing device. The terms“executable” or “for execution” refer to software forms that canultimately be run or executed by a processor, whether in source, object,machine, or other form. Examples of executable programs include, forexample, a compiled program that can be translated into a machine codeformat and loaded into a random access portion of memory and executed bya processor, source code that can be expressed in an object code formatand loaded into a random access portion of the memory and executed bythe processor, or source code that can be interpreted by anotherexecutable program to generate instructions in a random access portionof the memory and executed by the processor, etc.

An executable program can be stored in any portion or component of thememory including, for example, a random access memory (RAM), read-onlymemory (ROM), magnetic or other hard disk drive, solid-state,semiconductor, or similar drive, universal serial bus (USB) flash drive,memory card, optical disc (e.g., compact disc (CD)) or digital versatiledisc (DVD)), floppy disk, magnetic tape, or other memory component.

Although the process diagram shown in FIGS. 2 and 5 illustrate a certainorder, it is understood that the order can differ from that which isdepicted. For example, an order of execution of two or more blocks canbe scrambled relative to the order shown. Also, two or more blocks shownin succession can be executed concurrently or with partial concurrence.Further, in some embodiments, one or more of the blocks can be skippedor omitted. In addition, any number of counters, state variables,warning semaphores, or messages might be added to the logical flowdescribed herein, for purposes of enhanced utility, accounting,performance measurement, or providing troubleshooting aids, etc. It isunderstood that all such variations are within the scope of the presentdisclosure.

Also, any algorithm, method, process, or logic described herein that areembodied, at least in part, by software or executable-code components,can be embodied or stored in any tangible or non-transitorycomputer-readable medium or device for execution by an instructionexecution system such as a general purpose processor. In this sense, thelogic can be embodied as, for example, software or executable-codecomponents that can be fetched from the computer-readable medium andexecuted by the instruction execution system. Thus, the instructionexecution system can be directed by execution of the instructions toperform certain processes such as those illustrated in FIG. 2 . In thecontext of the present disclosure, a “computer-readable medium” can beany tangible medium that can contain, store, or maintain any logic,application, software, or executable-code component described herein foruse by or in connection with an instruction execution system.

The computer-readable medium can include any physical media such as, forexample, magnetic, optical, or semiconductor media. More specificexamples of suitable computer-readable media include, but are notlimited to, magnetic tapes, magnetic floppy diskettes, magnetic harddrives, memory cards, solid-state drives, USB flash drives, or opticaldiscs. Also, the computer-readable medium can include a RAM including,for example, an SRAM, DRAM, or MRAM. In addition, the computer-readablemedium can include a ROM, a PROM, an EPROM, an EEPROM, or other similarmemory device.

Disjunctive language, such as the phrase “at least one of X, Y, or Z,”unless specifically stated otherwise, is to be understood with thecontext as used in general to present that an item, term, etc., can beeither X, Y, or Z, or any combination thereof (e.g., X, Y, and/or Z).Thus, such disjunctive language is not generally intended to, and shouldnot, imply that certain embodiments require at least one of X, at leastone of Y, or at least one of Z to be each present.

It should be emphasized that the above-described embodiments of thepresent disclosure are merely possible examples of implementations setforth for a clear understanding of the principles of the disclosure.Many variations and modifications can be made to the above-describedembodiment(s) without departing substantially from the spirit andprinciples of the disclosure. All such modifications and variations areintended to be included herein within the scope of this disclosure andprotected by the following claims.

1-20. (canceled)
 21. A method of cryptography, comprising: generating,with a first computing device, a first random lock; applying, with thefirst computing device, a cryptographic function to a combination ofsecret data and the first random lock to produce a first encryptedresult; and transmitting, with the first computing device, the firstencrypted result to a second computing device.
 22. The method ofcryptography according to claim 21, further comprising: generating, withthe second computing device, a second random lock; applying, with thesecond computing device, a second cryptographic function to acombination of the first encrypted result and the second random lock toproduce a second encrypted result; and transmitting, with the secondcomputing device, the second encrypted result to the first computingdevice.
 23. The method of cryptography according to claim 22, furthercomprising: applying, with the first computing device, a first inversecryptographic function to the second encrypted result to produce a firstresult; transmitting, with the first computing device, the first resultto the second computing device; and applying, with the second computingdevice, a second inverse cryptographic function to the first result todecrypt the secret data at the second computing device.
 24. The methodof cryptography according to claim 21, wherein the cryptographicfunction comprises at least one of a polynomial function or amultivariate polynomial function defined in part by one or morevariables and coefficients.
 25. The method of cryptography according toclaim 21, further comprising applying, with the computing device, aninverse cryptographic function to the first encrypted result to arriveat the secret data.
 26. The method of cryptography according to claim25, wherein the inverse cryptographic function comprises at least one ofan inverse polynomial function or an inverse multivariate polynomialfunction.
 27. The method of cryptography according to claim 21, furthercomprising: transmitting, with the first computing device, a symmetrickey from the first computing device to the second computing device,wherein the transmitting comprises: encrypting the symmetric key byapplying at least one associative cryptography key operation to thesymmetric key to create an encrypted symmetric key; and decrypting theencrypted symmetric key by applying at least one associativecryptography key operation to the encrypted symmetric key to produce thesymmetric key.
 28. The method of cryptography according to claim 27,wherein the at least one associative cryptography key operation is basedon applying a polynomial function composed by a combination ofindependent random variables with uniform probability distribution andwhite noise randomization.
 29. A computing device comprising: aprocessor; and a memory for storing an application to be executed by theprocessor, the application for: generating, with a first computingdevice, a first random lock; applying, with the first computing device,a cryptographic function to a combination of secret data and the firstrandom lock to produce a first encrypted result; and transmitting, withthe first computing device, the first encrypted result to a secondcomputing device.
 30. The computing device according to claim 29,wherein the application is further for: generating, with the secondcomputing device, a second random lock; applying, with the secondcomputing device, a second cryptographic function to a combination ofthe first encrypted result and the second random lock to produce asecond encrypted result; and transmitting, with the second computingdevice, the second encrypted result to the first computing device. 31.The computing device according to claim 30, wherein the application isfurther for: applying, with the first computing device, a first inversecryptographic function to the second encrypted result to produce a firstresult; transmitting, with the first computing device, the first resultto the second computing device; and applying, with the second computingdevice, a second inverse cryptographic function to the first result todecrypt the secret data at the second computing device.
 32. Thecomputing device according to claim 29, wherein the cryptographicfunction comprises at least one of a polynomial function or amultivariate polynomial function defined in part by one or morevariables and coefficients.
 33. The computing device according to claim29, wherein the application is further for applying, with the computingdevice, an inverse cryptographic function to the first encrypted resultto arrive at the secret data.
 34. The computing device according toclaim 33, wherein the inverse cryptographic function comprises at leastone of an inverse polynomial function or an inverse multivariatepolynomial function.
 35. The computing device according to claim 29,wherein the application is further for: transmitting, with the firstcomputing device, a symmetric key from the first computing device to thesecond computing device, wherein the transmitting comprises: encryptingthe symmetric key by applying at least one associative cryptography keyoperation to the symmetric key to create an encrypted symmetric key; anddecrypting the encrypted symmetric key by applying at least oneassociative cryptography key operation to the encrypted symmetric key toproduce the symmetric key.
 36. The computing device according to claim35, wherein the at least one associative cryptography key operation isbased on applying a polynomial function composed by a combination ofindependent random variables with uniform probability distribution andwhite noise randomization.
 37. A method of cryptography, comprising:generating, with a first computing device, a first random lock;applying, with the first computing device, a cryptographic function to acombination of secret data and the first random lock to produce a firstencrypted result; transmitting, with the first computing device, thefirst encrypted result to a second computing device; generating, withthe second computing device, a second random lock; applying, with thesecond computing device, a second cryptographic function to acombination of the first encrypted result and the second random lock toproduce a second encrypted result; transmitting, with the secondcomputing device, the second encrypted result to the first computingdevice; applying, with the first computing device, a first inversecryptographic function to the second encrypted result to produce a firstresult; transmitting, with the first computing device, the first resultto the second computing device; and applying, with the second computingdevice, a second inverse cryptographic function to the first result todecrypt the secret data at the second computing device.
 38. The methodof cryptography according to claim 37, wherein the cryptographicfunction comprises at least one of a polynomial function or amultivariate polynomial function defined in part by one or morevariables and coefficients.
 39. The method of cryptography according toclaim 37, further comprising applying, with the computing device, aninverse cryptographic function to the first encrypted result to arriveat the secret data.
 40. The method of cryptography according to claim39, wherein the inverse cryptographic function comprises at least one ofan inverse polynomial function or an inverse multivariate polynomialfunction.
 41. The method of cryptography according to claim 37, furthercomprising: transmitting, with the first computing device, a symmetrickey from the first computing device to the second computing device,wherein the transmitting comprises: encrypting the symmetric key byapplying at least one associative cryptography key operation to thesymmetric key to create an encrypted symmetric key; and decrypting theencrypted symmetric key by applying at least one associativecryptography key operation to the encrypted symmetric key to produce thesymmetric key.
 42. The method of cryptography according to claim 42,wherein the at least one associative cryptography key operation is basedon applying a polynomial function composed by a combination ofindependent random variables with uniform probability distribution andwhite noise randomization.